Removed strayed code fragment
[strongswan.git] / src / charon / plugins / sql / sql_cred.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <string.h>
17
18 #include "sql_cred.h"
19
20 #include <daemon.h>
21
22 typedef struct private_sql_cred_t private_sql_cred_t;
23
24 /**
25 * Private data of an sql_cred_t object
26 */
27 struct private_sql_cred_t {
28
29 /**
30 * Public part
31 */
32 sql_cred_t public;
33
34 /**
35 * database connection
36 */
37 database_t *db;
38 };
39
40 /**
41 * enumerator over private keys
42 */
43 typedef struct {
44 /** implements enumerator */
45 enumerator_t public;
46 /** inner SQL enumerator */
47 enumerator_t *inner;
48 /** currently enumerated private key */
49 private_key_t *current;
50 } private_enumerator_t;
51
52 /**
53 * Implementation of private_enumerator_t.public.enumerate
54 */
55 static bool private_enumerator_enumerate(private_enumerator_t *this,
56 private_key_t **key)
57 {
58 chunk_t blob;
59 int type;
60
61 DESTROY_IF(this->current);
62 while (this->inner->enumerate(this->inner, &type, &blob))
63 {
64 this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
65 BUILD_BLOB_ASN1_DER, blob,
66 BUILD_END);
67 if (this->current)
68 {
69 *key = this->current;
70 return TRUE;
71 }
72 }
73 this->current = NULL;
74 return FALSE;
75 }
76
77 /**
78 * Implementation of private_enumerator_t.public.destroy
79 */
80 static void private_enumerator_destroy(private_enumerator_t *this)
81 {
82 DESTROY_IF(this->current);
83 this->inner->destroy(this->inner);
84 free(this);
85 }
86
87 /**
88 * Implementation of credential_set_t.create_private_enumerator.
89 */
90 static enumerator_t* create_private_enumerator(private_sql_cred_t *this,
91 key_type_t type,
92 identification_t *id)
93 {
94 private_enumerator_t *e;
95
96 e = malloc_thing(private_enumerator_t);
97 e->current = NULL;
98 e->public.enumerate = (void*)private_enumerator_enumerate;
99 e->public.destroy = (void*)private_enumerator_destroy;
100 if (id && id->get_type(id) != ID_ANY)
101 {
102 e->inner = this->db->query(this->db,
103 "SELECT p.type, p.data FROM private_keys AS p "
104 "JOIN private_key_identity AS pi ON p.id = pi.private_key "
105 "JOIN identities AS i ON pi.identity = i.id "
106 "WHERE i.type = ? AND i.data = ? AND (? OR p.type = ?)",
107 DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
108 DB_INT, type == KEY_ANY, DB_INT, type,
109 DB_INT, DB_BLOB);
110 }
111 else
112 {
113 e->inner = this->db->query(this->db,
114 "SELECT type, data FROM private_keys WHERE (? OR type = ?)",
115 DB_INT, type == KEY_ANY, DB_INT, type,
116 DB_INT, DB_BLOB);
117 }
118 if (!e->inner)
119 {
120 free(e);
121 return NULL;
122 }
123 return &e->public;
124 }
125
126 /**
127 * enumerator over certificates
128 */
129 typedef struct {
130 /** implements enumerator */
131 enumerator_t public;
132 /** inner SQL enumerator */
133 enumerator_t *inner;
134 /** currently enumerated cert */
135 certificate_t *current;
136 } cert_enumerator_t;
137
138 /**
139 * Implementation of cert_enumerator_t.public.enumerate
140 */
141 static bool cert_enumerator_enumerate(cert_enumerator_t *this,
142 certificate_t **cert)
143 {
144 chunk_t blob;
145 int type;
146
147 DESTROY_IF(this->current);
148 while (this->inner->enumerate(this->inner, &type, &blob))
149 {
150 this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
151 BUILD_BLOB_ASN1_DER, blob,
152 BUILD_END);
153 if (this->current)
154 {
155 *cert = this->current;
156 return TRUE;
157 }
158 }
159 this->current = NULL;
160 return FALSE;
161 }
162
163 /**
164 * Implementation of cert_enumerator_t.public.destroy
165 */
166 static void cert_enumerator_destroy(cert_enumerator_t *this)
167 {
168 DESTROY_IF(this->current);
169 this->inner->destroy(this->inner);
170 free(this);
171 }
172
173 /**
174 * Implementation of credential_set_t.create_cert_enumerator.
175 */
176 static enumerator_t* create_cert_enumerator(private_sql_cred_t *this,
177 certificate_type_t cert, key_type_t key,
178 identification_t *id, bool trusted)
179 {
180 cert_enumerator_t *e;
181
182 e = malloc_thing(cert_enumerator_t);
183 e->current = NULL;
184 e->public.enumerate = (void*)cert_enumerator_enumerate;
185 e->public.destroy = (void*)cert_enumerator_destroy;
186 if (id && id->get_type(id) != ID_ANY)
187 {
188 e->inner = this->db->query(this->db,
189 "SELECT c.type, c.data FROM certificates AS c "
190 "JOIN certificate_identity AS ci ON c.id = ci.certificate "
191 "JOIN identities AS i ON ci.identity = i.id "
192 "WHERE i.type = ? AND i.data = ? AND "
193 "(? OR c.type = ?) AND (? OR c.keytype = ?)",
194 DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
195 DB_INT, cert == CERT_ANY, DB_INT, cert,
196 DB_INT, key == KEY_ANY, DB_INT, key,
197 DB_INT, DB_BLOB);
198 }
199 else
200 {
201 e->inner = this->db->query(this->db,
202 "SELECT type, data FROM certificates WHERE "
203 "(? OR type = ?) AND (? OR keytype = ?)",
204 DB_INT, cert == CERT_ANY, DB_INT, cert,
205 DB_INT, key == KEY_ANY, DB_INT, key,
206 DB_INT, DB_BLOB);
207 }
208 if (!e->inner)
209 {
210 free(e);
211 return NULL;
212 }
213 return &e->public;
214 }
215
216 /**
217 * enumerator over shared keys
218 */
219 typedef struct {
220 /** implements enumerator */
221 enumerator_t public;
222 /** inner SQL enumerator */
223 enumerator_t *inner;
224 /** own identity */
225 identification_t *me;
226 /** remote identity */
227 identification_t *other;
228 /** currently enumerated private key */
229 shared_key_t *current;
230 } shared_enumerator_t;
231
232 /**
233 * Implementation of shared_enumerator_t.public.enumerate
234 */
235 static bool shared_enumerator_enumerate(shared_enumerator_t *this,
236 shared_key_t **shared,
237 id_match_t *me, id_match_t *other)
238 {
239 chunk_t blob;
240 int type;
241
242 DESTROY_IF(this->current);
243 while (this->inner->enumerate(this->inner, &type, &blob))
244 {
245 this->current = shared_key_create(type, chunk_clone(blob));
246 if (this->current)
247 {
248 *shared = this->current;
249 if (me)
250 {
251 *me = this->me ? ID_MATCH_PERFECT : ID_MATCH_ANY;
252 }
253 if (other)
254 {
255 *other = this->other ? ID_MATCH_PERFECT : ID_MATCH_ANY;
256 }
257 return TRUE;
258 }
259 }
260 this->current = NULL;
261 return FALSE;
262 }
263
264 /**
265 * Implementation of shared_enumerator_t.public.destroy
266 */
267 static void shared_enumerator_destroy(shared_enumerator_t *this)
268 {
269 DESTROY_IF(this->current);
270 this->inner->destroy(this->inner);
271 free(this);
272 }
273
274 /**
275 * Implementation of credential_set_t.create_shared_enumerator.
276 */
277 static enumerator_t* create_shared_enumerator(private_sql_cred_t *this,
278 shared_key_type_t type,
279 identification_t *me, identification_t *other)
280 {
281 shared_enumerator_t *e;
282
283 e = malloc_thing(shared_enumerator_t);
284 e->me = me;
285 e->other = other;
286 e->current = NULL;
287 e->public.enumerate = (void*)shared_enumerator_enumerate;
288 e->public.destroy = (void*)shared_enumerator_destroy;
289 if (!me && !other)
290 {
291 e->inner = this->db->query(this->db,
292 "SELECT type, data FROM shared_secrets WHERE (? OR type = ?)",
293 DB_INT, type == SHARED_ANY, DB_INT, type,
294 DB_INT, DB_BLOB);
295 }
296 else if (me && other)
297 {
298 e->inner = this->db->query(this->db,
299 "SELECT s.type, s.data FROM shared_secrets AS s "
300 "JOIN shared_secret_identity AS sm ON s.id = sm.shared_secret "
301 "JOIN identities AS m ON sm.identity = m.id "
302 "JOIN shared_secret_identity AS so ON s.id = so.shared_secret "
303 "JOIN identities AS o ON so.identity = o.id "
304 "WHERE m.type = ? AND m.data = ? AND o.type = ? AND o.data = ? "
305 "AND (? OR s.type = ?)",
306 DB_INT, me->get_type(me), DB_BLOB, me->get_encoding(me),
307 DB_INT, other->get_type(other), DB_BLOB, other->get_encoding(other),
308 DB_INT, type == SHARED_ANY, DB_INT, type,
309 DB_INT, DB_BLOB);
310 }
311 else
312 {
313 identification_t *id = me ? me : other;
314
315 e->inner = this->db->query(this->db,
316 "SELECT s.type, s.data FROM shared_secrets AS s "
317 "JOIN shared_secret_identity AS si ON s.id = si.shared_secret "
318 "JOIN identities AS i ON si.identity = i.id "
319 "WHERE i.type = ? AND i.data = ? AND (? OR s.type = ?)",
320 DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
321 DB_INT, type == SHARED_ANY, DB_INT, type,
322 DB_INT, DB_BLOB);
323 }
324 if (!e->inner)
325 {
326 free(e);
327 return NULL;
328 }
329 return &e->public;
330 }
331
332 /**
333 * Implementation of credential_set_t.cache_cert.
334 */
335 static void cache_cert(private_sql_cred_t *this, certificate_t *cert)
336 {
337 /* TODO: implement CRL caching to database */
338 }
339
340 /**
341 * Implementation of sql_cred_t.destroy.
342 */
343 static void destroy(private_sql_cred_t *this)
344 {
345 free(this);
346 }
347 /**
348 * Described in header.
349 */
350 sql_cred_t *sql_cred_create(database_t *db)
351 {
352 private_sql_cred_t *this = malloc_thing(private_sql_cred_t);
353
354 this->public.set.create_private_enumerator = (void*)create_private_enumerator;
355 this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
356 this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
357 this->public.set.create_cdp_enumerator = (void*)return_null;
358 this->public.set.cache_cert = (void*)cache_cert;
359 this->public.destroy = (void(*)(sql_cred_t*))destroy;
360
361 this->db = db;
362
363 return &this->public;
364 }
365